{"id":21566,"date":"2023-03-27T07:30:11","date_gmt":"2023-03-27T15:30:11","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/03\/27\/news-15297\/"},"modified":"2023-03-27T07:30:11","modified_gmt":"2023-03-27T15:30:11","slug":"news-15297","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/03\/27\/news-15297\/","title":{"rendered":"How to restore information in an edited screenshot | Kaspersky official blog"},"content":{"rendered":"

Credit to Author: Alanna Titterington| Date: Mon, 27 Mar 2023 14:32:46 +0000<\/strong><\/p>\n

You might think that hiding sensitive information in a picture is a cakewalk. Just blot out your secrets with a big black marker in any image editor. Or even better: just crop the bit of the photo or screenshot that contains your personal data. What could possibly go wrong?<\/p>\n

Quite a lot, in fact. We’ve already posted about how not to hide information in images<\/a> and how not to retouch pictures embedded in documents<\/a>. But a recent study shows that you can still come a cropper, so to speak, even if you take just about every conceivable precaution\u00a0\u2014 and all due to a bug related to image processing. Let’s take a closer look at how two standard image-editing tools \u2014 one on Google Pixel and the other in Windows\u00a011 \u2014 can reveal supposedly hidden information in images.<\/p>\n

How to recover hidden information in screenshots edited on Google Pixel<\/h2>\n

It all started when security researchers Simon Aarons<\/a> and David Buchanan<\/a> discovered a vulnerability they named Acropalypse<\/a>: it turns out that Markup, the Google Pixel built-in image editor, saves edited PNG files in a way that lets them be fully or partially recovered.<\/p>\n

When processing PNG images, instead of saving a completely new PNG file, Markup overwrites the old one in a very peculiar way. If you crop a picture, its size in bytes compared to the original decreases, of course. The same thing happens if you paint over part of an image with a single color\u00a0\u2014 thanks to the compression algorithms that are very good at packing solid-colored areas. But the file saved after editing in Markup has the same size as the original: the app simply overwrites the new data on top of the old, leaving a “tail” of the initial image data in the file. And with the help of a tool created by the researchers (available online<\/a>), it’s possible to partially restore the original.<\/p>\n

Here’s how the researchers themselves illustrate what’s going on:<\/p>\n

\"Illustration<\/a><\/p>\n

Recovery of an image edited with Google Pixel Markup. Source<\/a><\/p>\n<\/div>\n

Note, though, that the screenshot used as the example here is both redacted AND cropped<\/em>. Thus, importantly, the resulting image is significantly smaller than the original. After the edited version is saved on top of the original, there’s a lot of non-overwritten data at the end of the file that can be recovered. And the fully unrestored or badly-restored area\u00a0\u2014 the top third of the resulting picture\u00a0\u2014 just so happens to contain nothing important.<\/p>\n

So the researchers’ demonstration should be taken as an ideal case: in real life, the success of the tool will almost certainly be lower, and the result will largely depend on the circumstances. But that doesn’t mean the problem can be ignored\u00a0\u2014 this vulnerability is nothing if not very unpleasant.<\/p>\n

It affects the following Google smartphones (highlighted are models that are no longer supported and will probably not get updates):<\/p>\n